
Building CentOS 7 NetFlows Monitoring station with nfsen and nfdump

In this article we will look into setting up a NetFlow monitoring station with open source tools. It is extremely important to keep track of what is happening on your network: who the top talkers are, and which users or programs are accessing which resources. In our LAB example we will have a Cisco router from which we export netflows, and a Linux-based server on which we run a tool called softflowd. softflowd is an open source tool capable of generating netflows. nfsen is an open source tool as well, and more information on it can be found at http://nfsen.sourceforge.net/#mozTocId467189.

3. Make sure that your system date and the PHP date are set correctly. You may need to edit /etc/php.ini and adjust the timezone setting, e.g. date.timezone = "US/Eastern"

4. When you first visit your nfsen website you get the error message Frontend – Backend version mismatch! You get this message on the first connection because your browser does not yet have the correct cookie/session id. After you navigate to a new page you receive a cookie, so this error can safely be ignored.

5. Make sure the remote system, the one generating netflows, has the correct timezone and time set.

6. Troubleshoot nfcapd

First check the running nfcapd processes

#ps axo command | grep '[n]fcapd'

Check which ports nfcapd is listening on

#lsof -Pni | grep nfcapd

To test whether nfcapd is receiving data, find its process ID and attach strace to it (strace -p takes the PID printed by pidof, not a port number); you should see it reading from its UDP socket

#pidof nfcapd
"pid"
#strace -p "pid"
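The checks from step 6, collected into a small collector health check as an added example (this is not code from the original article or from the nfsen project). It parses `lsof -Pni` output for the UDP ports nfcapd listens on and adds one check the article does not show: whether the profile directory is still receiving fresh nfcapd.* files. The port 9995, the sample lsof lines and the directory path are constructed placeholders.

```shell
#!/bin/sh
# Added example (not from the original article): offline-testable health check
# for the nfcapd collector that nfsen starts. Port 9995 and the sample
# lsof lines below are constructed placeholders.

# Print the UDP ports nfcapd listens on, from `lsof -Pni` style lines on stdin.
# Columns: COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
nfcapd_udp_ports() {
    grep '[n]fcapd' | awk '$8 == "UDP" { sub(/.*:/, "", $9); print $9 }' | sort -u
}

# Return 0 when port $1 appears in the port list read from stdin.
port_is_listening() {
    grep -qx "$1"
}

# Return 0 when the newest nfcapd.* file in directory $1 is younger than
# $2 minutes (default 10). nfsen rotates capture files every 5 minutes, so
# nothing younger than two intervals means nfcapd is not writing: either it
# died or it is receiving no flows from the exporter.
fresh_capture_files() {
    dir=$1; max=${2:-10}
    [ -n "$(find "$dir" -maxdepth 1 -name 'nfcapd.*' -mmin "-$max" 2>/dev/null | head -n 1)" ]
}

# Live check on the collector host (needs lsof, usually root): succeeds only
# when nfcapd listens on port $1 AND directory $2 has a fresh capture file.
collector_ok() {
    lsof -Pni 2>/dev/null | nfcapd_udp_ports | port_is_listening "$1" \
        && fresh_capture_files "$2" 10
}

# Constructed sample of `lsof -Pni | grep nfcapd` output for an offline run.
SAMPLE_LSOF='nfcapd   1234 netflow    4u  IPv4  22222      0t0  UDP *:9995
nfcapd   1235 netflow    4u  IPv4  22223      0t0  UDP *:9996'

# Offline demonstration against the constructed sample:
printf '%s\n' "$SAMPLE_LSOF" | nfcapd_udp_ports
# Live use (placeholder path): collector_ok 9995 /data/nfsen/profiles-data/live/router1
```

On a real collector run `collector_ok <port> <profile dir>` from cron and alert on a non-zero exit; a listening port with stale files points at the exporter or the network path rather than at nfcapd itself.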

7. If you suspect there is a problem with nfcapd, you can try running it on the Linux server. You will need to install nfdump first.